William Regli, Ph.D.Director of the Institute for Systems Research at the Clark School of Engineering, Professor of Computer Science at the University of Maryland at College ParkA New Type of ThinkingFriday, June 22, 2018Life Sciences Center 10511:00 AM

Search ISTS

Healthcare Information Technology Security

Technology infrastructure in the healthcare realm requires secure and effective systems to meet two of its most significant challenges of the 21st century: improving the quality of care and controlling costs. "As President Obama has made clear, the vision for a 21st century health system requires all health information in electronic form, delivered instantly and securely to individuals and their care providers when needed, and it should be capable of analysis for constant improvement and research," points out ISTS director Denise Anthony. Yet developing, deploying and using information technology that is both secure and genuinely effective in the complex clinical, organizational, and economic environment of healthcare is a significant challenge. This project’s multidisciplinary approach will develop and analyze information-sharing technology that ensures security and privacy while meeting the pragmatic needs of patients, clinical staff, and healthcare organizations to deliver efficient, high-quality care.

ISTS has emerged as a leader in the study of healthcare information technology security. ISTS affiliates have engaged in numerous healthcare research efforts and have been awarded more than $8M in grant funding to continue their work in areas of critical need. In just the past four years, ISTS affiliates have conducted research through:

Through these efforts ISTS researchers have published dozens of papers, presented at numerous conferences, welcomed experts from the healthcare IT security community to speak at Dartmouth, and hosted the Securing Information Technology in Healthcare (SITH) workshop series. Each of these projects and more are summarized below. For more detailed information on each effort, please follow the links to the individual pages.

Current Research

Trustworthy Health and Wellness (THaW)

Former ISTS Director and Champion International Professor of Computer Science David Kotz is leading a Frontier-level, $10 million, 5-year, grant awarded by the National Science Foundation's Secure and Trustworthy Cyberspace program. The mission of the project, entitled Trustworthy Health and Wellness (THaW), is to enable the promise of health and wellness technology by innovating mobile- and cloud-computing systems that respect the privacy of individuals and the trustworthiness of medical information.

Professor Kotz is heading a multi-disciplinary, multi-institution team that includes experts in computer science, health policy, healthcare IT, behavioral science, and business. The other institutions involved include: Johns Hopkins, the University of Illinois at Urbana-Champaign, and the University of Michigan. Lisa Marsch, Director of the Center for Technology and Behavioral Health at Dartmouth's Geisel School of Medicine and Eric Johnson, formerly of Dartmouth's Tuck School of Business and ISTS affiliate, now Dean of the Owen Graduate School of Management at Vanderbilt, also are collaborating on the project.

Amulet

In September 2013, a joint team comprised of ISTS affiliates and Clemson University researchers were awarded $1.5M over three years to further their research on mobile health technology. Awarded by the National Science Foundation's Computer Systems Research program, the Dartmouth portion of the project, called "Amulet", is led by Former ISTS Director and Champion International Professor of Computer Science David Kotz. Clemson's team is led by former ISTS postdoctoral fellow Jacob Sorber.

As described on their website, the Amulet project team "envisions a simple wristband that you can wear anywhere, any time, in any activity, which helps you monitor and manage your health. Unlike popular fitness trackers, this wristband talks to your other health and fitness devices, so they know it's you using them – and gives you a quick and easy way to approve the transfer of health information from one device to another or to your health record. It can help track your use of medications and remind you when it's time for the next dose. And, the wristband can provide critical health data to responders if you experience a medical emergency. It works with health-related apps on your smartphone or even on your smart television – but only when you and your Amulet are present and give permission."

Trustworthy Information Systems for Healthcare (TISH)

Ending in September 2013, the TISH project's multidisciplinary research worked to drive innovation in information-sharing technology that ensured security and privacy while addressing the pragmatic needs of patients, clinical staff, and healthcare organizations to deliver efficient, high-quality care. This multidisciplinary team of investigators addressed fundamental challenges in current and emerging areas of information security, as identified by its healthcare partners, and focused on four research "threads".

The NSF-funded project was a three-year effort and was a partnership among the Dartmouth Institute for Security, Technology, and Society (ISTS), the Dartmouth-Hitchcock Medical Center (DHMC), the Veterans Affairs Medical Center (VAMC) in White River Junction, Vermont, The Dartmouth Institute for Health Policy and Clinical Practice (TDIHPCP), Google, and Intel.

Securing Information Technology in Healthcare Workshop Series

The Securing Information Technology in Healthcare (SITH) workshops, hosted by ISTS, were created to provide a forum to discuss security and privacy of health information for experts from a broad range of perspectives, from officers at large healthcare companies, startups and nonprofits, to physicians, researchers and policy makers. The SITH (May 2010) and SITH2 (May 2012) workshops focused on the security and privacy challenges of health IT in a variety of healthcare settings. SITH3 (May 2013) focused more specifically on mobile health (mHealth), considering the security and privacy implications of mHealth as well as a range of other challenges relevant to mHealth. All three workshops were held on the campus of Dartmouth College, and included invited speakers from across the US and beyond.

Summaries of each workshop, including video for SITH3, are available on each workshops webpage.

Strategic Healthcare IT Advanced Research Projects on Security (SHARPS)

The SHARPS project will advance the sophistication, development, and deployment of security and privacy for Health Information Technology (HIT) through long-term research that is strategically managed for fundamental impact and incremental short-term benefits. SHARPS is organized around three major environments: Electronic Health Records (EHRs), Health Information Exchanges (HIEs), and Telemedicine (TEL), with Personal Health Records (PHRs) included as a major subtopic.

Professor David Kotz leads the Telemedicine (TEL) project and is a member of the executive committee. He also co-leads the Telemedicine project's REMOTE component (Remote Monitoring for Mobile and Assisted Living) with Professor Denise Anthony.

In addition to her work on the TEL-REMOTE component, Professor Anthony co-leads the Electronic Health Record (EHR) project's EHR-POL Component (Policy Terrain and Implications of HIT).

Watch the following video for an overview of the SHARPS project.

Foundation for Trusted and Scalable Mobile Healthcare

Professor David Kotz is collaborating with Professor Ashutosh Sabharwal of Rice University and a team from the Indian Institute of Technology (IIT) Delhi on this effort. The team is developing the scientific foundations for a modular “kit” of mHealth components -- portable, inexpensive, and usable by patients or healthcare workers with limited training -- that can be assembled into a variety of combinations for different circumstances or healthcare purposes. Scientifically, they are addressing two fundamental questions:

how to construct secure, self-aware sensors that can attest to the provenance of the sensor data and its context; and

how to design a system for “computational triage” that can provide real-time on-site feedback to the patient, avoiding the need for every patient visit, every data point, to be examined by skilled health professionals.

Past Research

The research is working to advance usability testing of mobile applications by integrating contextualized and automated techniques. Unlike the traditional desktop environment, mobile user experience is heavily influenced by user context (physical location, transport mode, social surroundings, task intention, etc.). The novelty of this project is a model-based usability testing approach that quantitatively integrates user context. The expected outcomes include:

a new framework of automated usability analysis to improve the effectiveness of diary studies by jointly modeling user cognition, application state, and user context;

a set of operationalized usability rules developed for mobile applications; and

a simulation-based development toolkit for automated usability inspection.

This project addresses an emerging research theme and an urgent practical need, and is expected to produce technology solutions and educational materials for timely dissemination. Professor David Kotz and his research team are participating in this project led by the University of Massachusetts Lowell's Professor Guanling Chen.

mHealth Privacy Roadmap

Professor David Kotz led this effort in which the team examined the privacy requirements of mobile computing technologies that have the potential to transform healthcare. Such mHealth technology enables physicians to remotely monitor patients' health, and enables individuals to manage their own health more easily. As part of the effort, the team developed a conceptual privacy framework for mHealth, itemizing the privacy properties needed in mHealth systems, and discussing the technologies that could support privacy-sensitive mHealth systems.

This project was a continuation of the DAMSA project (Data Assurance in Medical Sensor Applications) that was completed in 2009. This portion of the effort developed methods to assess confidence in medical sensor data. The research was led by Professor Kotz and Professor Tanzeem Choudhury (now of Cornell University).

Information Technology Use and Impact in Healthcare

This research effort explored HIPAA compliance in U.S. hospitals, as well as the impact of HIT on hospital quality and costs. The project strove to (1) advance the empirical evidence of the impact of HIT on hospital quality; and (2) lay the groundwork for a follow-on project to examine longitudinal effects of HIT on care quality. The project was funded by the National Institute of Standards and Technology, as well as an internal grant from the Rockefeller Center for Public Policy at Dartmouth. Denise Anthony was PI, and the project included Eric Johnson, and a postdoc.

Information Risk in Data-Oriented Enterprises (IRIDOE)

IRIDOE examined the security risks associated with access-control mechanisms and policies in hospitals. The project was co-led by Eric Johnson (Tuck) and Sean Smith (CS) and is funded by Department of Homeland Security’s National Cyber Security Division.

Technology in Practice

This project explored the impact of electronic medical records for physician communication, and for the coordination of care of chronically ill patients. The project was led by Denise Anthony and Brooke Herndon (MD, DHMC).